1) I create a new Project, save it to newly created folder2) Put just a button on my form3) Run... works fine, create an EXE that is 14.7 MB4) Go into Prj. Options and UNCHECK the "Generate Debugger info... in exe" (Hopefully to reduce EXE file size)5) Compile to EXE at (1.7 MB)6) Try to Double-click EXE to run directly and get this error..."Windows cannot access..." (see screen #1 below)7) After a minute, my BitDefender AntiVirus quanartines it. It thinks it is a virus. (see screen #2 below) I go back into LAZ, turn on the Debugger again and now it will never compile again in that folder. And I get error saying cannot run exe (see #3 screen)9) Then it displays the project1.lpr file highlighting the "end." line

No matter what i do, I cannot create another EXE in this folder or with LAZ on this project.I have to actually delete the folder and create a new folder... BUT NOT TURN OFF the DEBUGGER check box.

What is going on with the DEBUGGER CHECK BOX causing BitDefender to flag it as a virus.

As long as I don't uncheck the Debugger, BitDefender doesn't quarantine anything.

It was created on the fly... as soon as LAZ created it (with Debugger unchecked)... BitDefender removed it.It is seeing "Gen.Variant.Graftor".... where did it come from?

I understand it's a false positive, but what is in the created EXE that BitDef thinks it is a GenVariant?

FYI... I did find the exclusion in BitDef... testing it now

UPDATE:The Exclusion didn't work on the folder that did delete the exe (so I had to delete the folder)But, recreating a different folder and turning off the debugger and recompiling a new project worked.

Bitdefender (and other) antivirus programs uses heuristic analysis (it can be turned off) to detect unknown viruses on the wild. This analysis consist detecting certain known byte patterns (aquired from known virus samples) in binary files. Unfortunately this causes false positives to came out in even legitimate and virus free binaries.

Some anti-viruses are paranoid about any CreateProcess API calls. For example my Launcher.exe. All it does - detects, whether Windows is 32bit or 64bit and launches application from either Bin32 or Bin64 folder. And what? See screenshot below. Also there are problems with this file: when I compile program on same computer - everything is fine. But when I copy it from flash drive - my antivirus doesn't quarantine it, but refuses to launch it.

And in case of same program, but compiled via Lazarus - situation is even worse. See second screenshot.

Interesting, but can't really call this solved if the solution is to leave debugging enabled. That's just a work around.

To really solve this requires action from bitdefender. Report it and hope they do something about it. I've had to report false positives to other AV companies in the past, some are excellent in responding, others - not so much.

>It marked it solved, because I have determined that it is not LAZ's fault.

this.

Unfortunately, a false positive is a problem all devs are going to encounter from time to time. Especially if you have users running all kinds of bloatware AVs that they got pre-installed when they bought the computer and have no idea how to use.

You can use virustotal to find problems before you release and the users do, but there's 50+ security tools out there.

I don't mean to meaninglessly bump this post, but I think I can offer some explanation for what is causing the false positive due to past experience. Often AVs will mark programs that interact with the WinAPI on a very low level as is most likely done by the LCL. Keyloggers and programs which try to remove all traces that they are running often use these APIs, but so do game frameworks and windowing toolkit implementations.

Just lazy anti-viruses, that don't support proper anti-virus bases and use some dumb heuristics instead, like "uses certain API call = possible virus". Serious heuristic anti-viruses, like AVZ, don't report my programs as viruses. I've also encountered even stupider problem: I uploaded my application to file hosting, that was using very strict rules - only 1 possible virus report from virustotal and your file has to be deleted. Guess what? One or two of anti-viruses didn't support 64bit apps, packed via UPX, and simply reported them as possible viruses - my program was deleted from file hosting due to this reason. Something like that: